This is Part 1 of the iOS Code Signing tutorial series. This series covers fundamentals of the iOS code signing process.

Genuinely, iOS devices only run apps that have been signed by trusted developers, unless you have jailbroken iOS devices. If you are an iOS engineer, you must have battled with code signing at some point. Code signing is one of the painful and cumbersome tasks for iOS developers, but they cannot run away from code signing activities. Code signing and provisioning profiles have been an ongoing annoyance and will continue to be until developers completely understand the basics of code signing. This is an introductory post explaining the code signing process with its benefits and limitations.

About This Series

Code signing of iOS apps is one of the hot topics for every iOS developer. Although there are multiple resources available online, as well as Apple's clean documentation on the code signing process, it's still a mystery. In this series, we will try to understand the code signing process from scratch, including what's needed for code signing, to the actual code signing process itself. We will also explore the GUI, as well as command line methods of doing things whenever applicable. We will start with Certificate Signing Requests to get an iOS Development certificate, then we will cover the certificate and it's internal parts. After understanding the certificates, we will do a deep dive into the provisioning profiles and finally, we will understand the code signing process.

This series is written in my own words after doing some research on the web and Apple's documentation. I have covered all these reference material in the final post. I have also attached some screenshots from the Apple Developer portal and Xcode so that readers can understand the concepts. I tried to hide all the sensitive content, but if there is something exposed by mistake, please don't hack me!

Code Signing

Before we jump into Apple's way of code signing iOS apps, let's explore what code signing is in general. In real life, we sign different contracts, agreements for various things. Why do we sign those contracts? What does a signature mean to us and why is it important? It's simple because signing contracts protect us legally and we trust that the terms and conditions in the contracts cannot be altered whilst the contract is in place. The signature also ensures the security that the contract comes from trusted authorities and not from scammers. Signing contracts gives us security, safety, and trust.

Similarly, code signing is the process of digitally signing any form of code to confirm who wrote the code and guarantee that code has not been changed or corrupted when it was signed. The code signing uses a cryptographic hash to verify authenticity and integrity of the software code. In the software world, code signing ensures the identity of the author, integrity of the code, build system and versioning so that users of the software feel secure and safe while using them. Code signing uses various security terms like a public key, private key, certificates, digital signatures etc. There are different approaches to code signing used on the different platforms e.g. Linux, Windows, macOS.

iOS Code Signing

Apple supposedly has very powerful security mechanisms apart from a few recent glitches that you might have read in the news. It's very hard for black-hat hackers to break this mechanism. Apple also uses a strong code signing mechanism to provide security, integrity, and safety for iOS apps downloaded from the Apple App Store. Most of the time, iOS code signing seems to be magic that happens under the hood. If it works, everyone is happy, and if it doesn't, everyone panics. Most iOS engineers have no clue what happens under the hood when the apps they write are being signed. In recent days, Apple tried to make code signing less painful by introducing the Automatic Signing feature in Xcode so that code signing activities don't interrupt the main development flow. Code signing on the Apple platform relies on public-key cryptography on the X.509 standard. We will discuss all these tools and techniques later in this series.

Why Learn About iOS Code Signing?

As most of the code signing tasks are being handled by Xcode these days, why we should care about code signing and invest our time in learning about it?

Here are some of the reasons to learn about the code signing internals:

Gone are the days when iOS engineers used to deploy iOS apps from Xcode installed on the local machine. Companies are adopting DevOps and CI/CD to deploy software as soon as it is built, so all the builds need to be automated without any human or GUI interactions.

There are thousands of developer hours wasted because Xcode's code signing failed and the developer tries to fix the code signing issues by regenerating and repairing certificates and provisioning profiles.

Third-party tools like Fastlane have made build scripting much easier for iOS developers. However, after Apple made changes in the underlying technologies, Fastlane keeps breaking and developers spend hours, days, and weeks fixing the broken deployment scripts. In some cases, engineers have to wait until new changes are implemented in Fastlane.

If you are an iOS developer/engineer and want to be an iOS engineer for all your life, then you don't have to learn about these things. However, if you want to grow up in your career, then you must know the underlying tools, technologies, and entire iOS ecosystem in details. You won't get to iOS Tech Lead, iOS Tech Architect, or similar roles if you don't know about these underlying technologies, regardless of how good you are in your iOS development skills. As a tech architect, you should be able to fix code signing or similar infrastructure-related issues quickly and without relying on Xcode or other third-party tools.

I hope that is enough to convince the important of code signing. It's up to you whether to learn it or leave it.

Pre-Requisite

Let's dive into the world of iOS code signing. We will cover everything from scratch in terms of whats needed and what it does under the hood. In order to get started, we need the following things, which I believe everyone already has if you are reading this post.

macOS

Apple Developer Membership

Xcode 9+

Once you have all these, you are ready to dig into the iOS code signing stuff.

Benefits of Code Signing

Apple wants us to go through the complex code signing process because it has some benefits to real users. The users of iOS apps feel secure when they download the apps from Apple's app store. The code signing ensures that

The legitimate developer has written this code and it has the identity of the signer or author of the apps.

The code hasn't been altered by someone since it was written by the author. It guarantees that code produced by the author is original and there is nothing injected into the code since it was signed by the author.

Users can download the apps from the developers they trust without worrying too much about security.

Code signing is for the safety and security of iOS users so that they feel safe using the apps they downloaded from the app store.

Limitations of Code Signing

Although code signing is for the security of the users, there are some aspects that do not address security issues all the time:

Code signing ensures that code has been coming from a legitimate developer who is a member of Apple Developer program, but doesn't guarantee that code itself is free from security vulnerabilities.

Code signing doesn't guarantee that app plugins which load dynamically during the execution of apps are secure.

There is no digital rights management or copy protection technology for the signed code.

Now that we have covered the importance of learning about code signing's benefits and limitations, in the next post, we will go through the important concept of where the code signing process starts, i.e. Certificate Signing Requests.